Description
jrburke requirejs vulnerable to prototype pollution
jrburke requirejs v2.3.6 was discovered to contain a prototype pollution via the function s.contexts._.configure. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.
References
- https://nvd.nist.gov/vuln/detail/CVE-2024-38999
- https://github.com/requirejs/r.js/issues/1015
- https://github.com/requirejs/requirejs/issues/1854
- https://github.com/requirejs/requirejs/pull/1856/commits/ebd7a2ff71473542fa132d0d15c10fb4ed1539e1
- https://gist.github.com/mestrtee/9acae342285bd2998fa09ebcb1e6d30a
- https://security.snyk.io/vuln/SNYK-JS-REQUIREJS-5416713
Packages
- requirejs: affected versions <= 2.3.6, fixed in 2.3.7
Related vulnerabilities
jrburke requirejs v2.3.6 was discovered to contain a prototype polluti ...
A vulnerability in the s.contexts._.configure function of RequireJS, a library for loading JavaScript modules, that allows an attacker to execute arbitrary code or cause a denial of service